Privacy Policy

1. Who we are

TalentHQ is the data controller for personal data processed on this platform. We connect employers, jobseekers and skilled tradespeople (handymen) across Nigeria. Our registered contact for data protection matters is privacy@talenthq.buzz.

2. What personal data we collect

Account and identity data

• Full name, email address and password (hashed)
• Phone number and WhatsApp number
• Profile photo (avatar)
• Location: state, city, LGA, address
• Role: jobseeker, handyman or employer

Professional and employment data

• CV / resume file
• Work experience, education, skills, certifications, projects
• Job applications and their status
• Interview invitations and responses

Employer and company data

• Company name, website, industry, size
• CAC registration number (for verification badge)
• Job postings created on the platform

Usage and technical data

• IP address at time of contact form submission
• Browser type and device information (via standard web logs)
• Pages visited and time spent (aggregated analytics only)

Payment data

• Subscription plan, payment reference and transaction status — we do not store card details; all payment processing is handled by Paystack under their own privacy policy

Communications

• Messages sent between users on the platform
• Contact form submissions (name, email, subject, message)
• Review and rating content you submit

3. Lawful basis for processing (NDPA Section 25)

The NDPA requires us to identify a lawful basis for each category of processing. We rely on the following:

4. How we use your data

• Operate and maintain your account and dashboard
• Display your profile to relevant employers or candidates
• Send you application updates, interview invitations and messages
• Process subscription payments and send receipts
• Show relevant job listings and candidate recommendations
• Prevent fraud, spam and abuse on the platform
• Comply with legal obligations and NDPC directives
• Respond to your contact form enquiries

5. Who we share your data with

We do not sell your personal data. We share data only with:

• Other users: your public profile is visible to employers/candidates as applicable to your role
• Paystack: payment processing — governed by Paystack's own privacy policy
• Resend: transactional email delivery
• Cloudinary: secure cloud storage for resumes and images
• MongoDB Atlas: our database provider (data stored in cloud infrastructure with encryption at rest)
• NDPC and law enforcement: where required by a lawful order, court order or to prevent a serious crime

All third-party processors are bound by data processing agreements that require them to protect your data to at least the standard set by the NDPA.

6. Your rights under the NDPA 2023

As a data subject under the NDPA, you have the following rights. To exercise any of them, email us at privacy@talenthq.buzz — we will respond within 30 days.

• Right to access: request a copy of all personal data we hold about you
• Right to rectification: correct inaccurate or incomplete data
• Right to erasure: request deletion of your data where no legal basis exists to retain it
• Right to restriction: ask us to pause processing while a dispute is resolved
• Right to data portability: receive your data in a machine-readable format
• Right to object: object to processing based on legitimate interests
• Right to withdraw consent: where processing is based on consent, you may withdraw at any time without affecting past lawful processing
• Right to lodge a complaint: you may complain to the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng

7. Data retention

• Active account data: retained for the duration of your account
• Account data after deletion: anonymised within 30 days of verified deletion request
• Job applications: retained for 12 months after the position closes
• Payment records: 7 years (required by Nigerian financial regulations)
• Contact form messages: 2 years
• Security logs (IP addresses): 90 days
• Notification records: 60 days (automatic TTL deletion)

8. International data transfers

Your data is stored on servers operated by MongoDB Atlas and may be processed in data centres outside Nigeria. Where this occurs, we ensure adequate safeguards are in place through standard contractual clauses and processor agreements that meet the requirements of NDPA Section 43. We document all cross-border transfers as required by the NDPC GAID 2025.

9. Cookies

We use only essential cookies required for authentication and security. If we add analytics or marketing cookies in future, we will update our Cookie Policy and obtain your explicit consent before setting them, in compliance with NDPC GAID Article 19.

Read our full Cookie Policy →

10. Children's data

TalentHQ is not intended for persons under 18. We do not knowingly collect data from minors. If you believe a child has registered, email us at privacy@talenthq.buzz and we will delete the account immediately.

11. Security measures

• Passwords hashed with bcrypt (12 salt rounds)
• Authentication via httpOnly, secure, sameSite cookies — not localStorage
• HTTPS enforced on all connections
• JWT tokens with 7-day expiry
• MongoDB Atlas encryption at rest and in transit
• CORS restricted to authorised origins only
• Rate limiting on authentication and contact endpoints

12. Data breach notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the NDPC within 72 hours of becoming aware of the breach, and notify affected users without undue delay, as required by NDPA Section 40.

13. Changes to this policy

We may update this policy to reflect changes in law or our practices. We will notify registered users by email at least 14 days before material changes take effect. Continued use of the platform after that date constitutes acceptance.

14. Contact us